ABSTRACT
Keyboard acoustic recognition is a pivotal area within cybersecurity and human-computer interaction, where the identification and analysis of keyboard sounds are used to enhance security measures. The performance of acoustic-based security systems can be influenced by factors such as the platform used, typing style, and environmental noise. To address these variations and provide a comprehensive resource, we present the Multi-Keyboard Acoustic (MKA) Datasets. These extensive datasets, meticulously gathered by a team in the Computer Science Department at the University of Halabja, include recordings from six widely-used platforms: HP, Lenovo, MSI, Mac, Messenger, and Zoom. The MKA datasets have structured data for each platform, including raw recordings, segmented sound files, and matrices derived from these sounds. They can be used by researchers in keylogging detection, cybersecurity, and other fields related to acoustic emanation attacks on keyboards. Moreover, the datasets capture the intricacies of typing behaviour with both hands and all ten fingers by carefully segmenting and pre-processing the data using the Praat tool, thus ensuring high-quality and dependable data. This comprehensive approach allows researchers to explore various aspects of keyboard sound recognition, contributing to the development of robust recognition algorithms and enhanced security measures. The MKA Datasets stand as one of the largest and most detailed datasets in this domain, offering significant potential for advancing research and improving defences against acoustic-based threats.
ABSTRACT
Online security threats have arisen through Internet banking hacking cases, and highly sensitive user information such as the ID, password, account number, and account password that is used for online payments has become vulnerable. Many security companies have therefore researched protection methods regarding keyboard-entered data for the introduction of defense techniques. Recently, keyboard security issues have arisen due to the production of new malicious codes by attackers who have combined the existing attack techniques with new attack techniques; however, a keyboard security assessment is insufficient here. The research motivation is to serve more secure user authentication methods by evaluating the security of information input from the keyboard device for the user authentication, including Internet banking service. If the authentication information input from the keyboard device is exposed during user authentication, attackers can attempt to illegal login or, worst, steal the victim's money. Accordingly, in this paper, the existing and the new keyboard-attack techniques that are known are surveyed, and the results are used as the basis for the implementation of sample malicious codes to verify both a security analysis and an assessment of secure keyboard software. As a result of the experiment, if the resend command utilization attack technique is used, 7 out of 10 companies' products expose keyboard information, and only 1 company's products detect it. The fundamental reason for these vulnerabilities is that the hardware chip related to the PS/2 interface keyboard does not provide security facilities. Therefore, since keyboard data exposure does not be prevented only by software, it is required to develop a hardware chip that provides security facilities.